Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Need subnet mask info
- Thread starter Narboule
- Start date
What you just asked for is not easily done with any simple explenation. You are basically asking how do I use IP addressing in itself, and that is a large bit of learning.
NOTE: MY BELOW EXPLENATION IS NOT EXTREMELY DESCRIPTIVE. THERE IS A LOT I AM LEAVING OUT TO REDUCE SOME EXPLAINING.THIS IS JUST A GLANCE OVER. Hope it helps.
Here is the easiest things I can point out to you, if you are blocking a range using and Access-List the access list has a wild card bit mask. This bit mask is a reversed version of a subnet mask. Zero equals match and the subnet is reversed, for example let us say you want to block the first 30 addresses in the below example.
10.17.1.1 255.255.255.0
hmmmmmm, what will my access list look like, what do I need to do? Well let's take a look at this subnet mask in binary.
11111111.11111111.11111111.00000000
Now, we need to block the up to the first 30 valid addresses of this class C address pool. Think of the zeros as matching and the ones are what you need to calculate for blocking. Now going from left to right we see match.match.match.??????
00001011.00010001.00000001.00000000 | Address=10.17.1.0
00000000.00000000.00000000.00011111 | wild card mask
-----------------------------------
00001011.000100001.0000001.00011111 | blocked
range=10.17.1.31
If we match the 00011111 with the below numbers you get your wildcard bit.
124 64 32 16 8 4 2 1
0 0 0 1 1 1 1 1 = 16+8+4+2+1=31
So from left to right we see 0.0.0.31 this is your bit mask for an access list. Which for an example of an access list
would look like:
Router1>en
Router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 187 deny ip 10.17.1.1 0.0.0.31 any
Router1(config)#access-list 187 permit ip any any
(You would then need to apply the Access-List to an interface)
Router1(config)# interface serial 0/0
Router1(config-if)# ip access-group 187 in
or you could use OUT for outbound ip blocking.
NOTE: MY BELOW EXPLENATION IS NOT EXTREMELY DESCRIPTIVE. THERE IS A LOT I AM LEAVING OUT TO REDUCE SOME EXPLAINING.THIS IS JUST A GLANCE OVER. Hope it helps.
Here is the easiest things I can point out to you, if you are blocking a range using and Access-List the access list has a wild card bit mask. This bit mask is a reversed version of a subnet mask. Zero equals match and the subnet is reversed, for example let us say you want to block the first 30 addresses in the below example.
10.17.1.1 255.255.255.0
hmmmmmm, what will my access list look like, what do I need to do? Well let's take a look at this subnet mask in binary.
11111111.11111111.11111111.00000000
Now, we need to block the up to the first 30 valid addresses of this class C address pool. Think of the zeros as matching and the ones are what you need to calculate for blocking. Now going from left to right we see match.match.match.??????
00001011.00010001.00000001.00000000 | Address=10.17.1.0
00000000.00000000.00000000.00011111 | wild card mask
-----------------------------------
00001011.000100001.0000001.00011111 | blocked
range=10.17.1.31
If we match the 00011111 with the below numbers you get your wildcard bit.
124 64 32 16 8 4 2 1
0 0 0 1 1 1 1 1 = 16+8+4+2+1=31
So from left to right we see 0.0.0.31 this is your bit mask for an access list. Which for an example of an access list
would look like:
Router1>en
Router1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 187 deny ip 10.17.1.1 0.0.0.31 any
Router1(config)#access-list 187 permit ip any any
(You would then need to apply the Access-List to an interface)
Router1(config)# interface serial 0/0
Router1(config-if)# ip access-group 187 in
or you could use OUT for outbound ip blocking.
- Status
Similar threads
- Locked
- Question